Encoding objects leak memory if decoding fails #8
Comments
|
I have fixed this issue in my fork of p5-encode, https://github.com/chansen/p5-encode/commit/c0aaf6c930e6a0530184bcbcfaa5a98dc8d8c772. chansen |
|
Here's also a oneliner to demonstrate the issue. Hope the fix by @chansen gets applied quickly, it's not very hard to exploit this for DoS attacks. |
|
Thank you folks, especially chansen@c00aaf6c . My github repo is fixed accodingly and offical VERSION++ soon to follow. Dan the Maintainer Thereof |
jperkin
pushed a commit
to TritonDataCenter/pkgsrc-legacy
that referenced
this issue
Dec 9, 2013
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $ ! Encode.xs + t/cow.t Addressed: COW breakage with _utf8_on() https://rt.cpan.org/Ticket/Display.html?id=88230 ! Encode.pm Reverted the document accordingly to #11 dankogai/p5-encode#10 + t/decode.t Unit test for decoding behavior change in #11 dankogai/p5-encode#12 2.53 2013/08/29 15:20:31 ! Encode.pm Merged: Do not short-circuit decode_utf8 with utf8 flags dankogai/p5-encode#11 Merged: document decode_utf8 behaviour more precise dankogai/p5-encode#10 ! Makefile.PL Added repository cpan metadata dankogai/p5-encode#9 2.52 2013/08/14 02:29:54 ! ucm/*.ucm Addressed: Unicode Mappping tables are missing Unicode Inc. license notification All files including "as long as this notice remains attached" now have that notice attached in the comment section. (cp* and mac* do not since their source files do not include that notice) https://rt.cpan.org/Ticket/Display.html?id=87340 ! lib/Encode/MIME/Header.pm t/mime-header.t Addressed: encoding "0" with MIME-Headers gets a blank string https://rt.cpan.org/Ticket/Display.html?id=87831 ! Encode.pm Addressed: Documentation buglet https://rt.cpan.org/Ticket/Display.html?id=84992 ! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL Symbol/Makefile.PL TW/Makefile.PL Applied: Patch to output #includes in deterministic order https://rt.cpan.org/Ticket/Display.html?id=86974 2.51 2013/04/29 22:19:11 ! Encode.xs Addressed: Encode.xs doesn't compile with Microsoft C compiler https://rt.cpan.org/Public/Bug/Display.html?id=84920 ! MANIFEST Addressed: t/taint.t missing https://rt.cpan.org/Public/Bug/Display.html?id=84919 2.50 2013/04/26 18:30:46 ! Encode.xs Unicode/Unicode.xs lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm t/taint.t Addressed: Encode::encode and Encode::decode gratuitously launders tainted data Taintedness now propagates as it should. https://rt.cpan.org/Ticket/Display.html?id=84879 ! encoding.pm Addressed: 5.18 deprecation https://rt.cpan.org/Ticket/Display.html?id=84709 ! bin/piconv Applied: Update piconv documentation https://rt.cpan.org/Ticket/Display.html?id=84695 2.49 2013/03/05 03:12:49 ! Encode.xs Addressed: Encoding objects leak memory if decoding fails dankogai/p5-encode#8 2.48 2013/02/18 02:23:56 ! encoding.pm t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t t/encoding.t t/jperl.t [PATCH] Deprecate encoding.pm https://rt.cpan.org/Ticket/Display.html?id=81255 ! Encode/Supported.pod Fixed: Pod errors https://rt.cpan.org/Ticket/Display.html?id=81426 ! Encode.pm t/Encode.t [PATCH] Fix for shared hash key scalars https://rt.cpan.org/Ticket/Display.html?id=80608 ! Encode.pm Fixed: Uninitialized value warning from Encode->encodings() https://rt.cpan.org/Ticket/Display.html?id=80181 ! Makefile.PL Install to 'site' instead of 'perl' when perl version is 5.11+ https://rt.cpan.org/Ticket/Display.html?id=78917 ! Encode/Makefile_PL.e2x find enc2xs.bat if it works on windows. dankogai/p5-encode#7 ! t/piconv.t Fix finding piconv in t/piconv.t dankogai/p5-encode#6
schwern
pushed a commit
to evalEmpire/parfait
that referenced
this issue
Jan 1, 2014
[DELTA]
$Revision: 2.49 $ $Date: 2013/03/05 03:12:49 $
! Encode.xs
Addressed: Encoding objects leak memory if decoding fails
dankogai/p5-encode#8
jperkin
pushed a commit
to TritonDataCenter/pkgsrc-legacy
that referenced
this issue
Jan 21, 2014
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $ ! Encode.xs + t/cow.t Addressed: COW breakage with _utf8_on() https://rt.cpan.org/Ticket/Display.html?id=88230 ! Encode.pm Reverted the document accordingly to #11 dankogai/p5-encode#10 + t/decode.t Unit test for decoding behavior change in #11 dankogai/p5-encode#12 2.53 2013/08/29 15:20:31 ! Encode.pm Merged: Do not short-circuit decode_utf8 with utf8 flags dankogai/p5-encode#11 Merged: document decode_utf8 behaviour more precise dankogai/p5-encode#10 ! Makefile.PL Added repository cpan metadata dankogai/p5-encode#9 2.52 2013/08/14 02:29:54 ! ucm/*.ucm Addressed: Unicode Mappping tables are missing Unicode Inc. license notification All files including "as long as this notice remains attached" now have that notice attached in the comment section. (cp* and mac* do not since their source files do not include that notice) https://rt.cpan.org/Ticket/Display.html?id=87340 ! lib/Encode/MIME/Header.pm t/mime-header.t Addressed: encoding "0" with MIME-Headers gets a blank string https://rt.cpan.org/Ticket/Display.html?id=87831 ! Encode.pm Addressed: Documentation buglet https://rt.cpan.org/Ticket/Display.html?id=84992 ! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL Symbol/Makefile.PL TW/Makefile.PL Applied: Patch to output #includes in deterministic order https://rt.cpan.org/Ticket/Display.html?id=86974 2.51 2013/04/29 22:19:11 ! Encode.xs Addressed: Encode.xs doesn't compile with Microsoft C compiler https://rt.cpan.org/Public/Bug/Display.html?id=84920 ! MANIFEST Addressed: t/taint.t missing https://rt.cpan.org/Public/Bug/Display.html?id=84919 2.50 2013/04/26 18:30:46 ! Encode.xs Unicode/Unicode.xs lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm t/taint.t Addressed: Encode::encode and Encode::decode gratuitously launders tainted data Taintedness now propagates as it should. https://rt.cpan.org/Ticket/Display.html?id=84879 ! encoding.pm Addressed: 5.18 deprecation https://rt.cpan.org/Ticket/Display.html?id=84709 ! bin/piconv Applied: Update piconv documentation https://rt.cpan.org/Ticket/Display.html?id=84695 2.49 2013/03/05 03:12:49 ! Encode.xs Addressed: Encoding objects leak memory if decoding fails dankogai/p5-encode#8 2.48 2013/02/18 02:23:56 ! encoding.pm t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t t/encoding.t t/jperl.t [PATCH] Deprecate encoding.pm https://rt.cpan.org/Ticket/Display.html?id=81255 ! Encode/Supported.pod Fixed: Pod errors https://rt.cpan.org/Ticket/Display.html?id=81426 ! Encode.pm t/Encode.t [PATCH] Fix for shared hash key scalars https://rt.cpan.org/Ticket/Display.html?id=80608 ! Encode.pm Fixed: Uninitialized value warning from Encode->encodings() https://rt.cpan.org/Ticket/Display.html?id=80181 ! Makefile.PL Install to 'site' instead of 'perl' when perl version is 5.11+ https://rt.cpan.org/Ticket/Display.html?id=78917 ! Encode/Makefile_PL.e2x find enc2xs.bat if it works on windows. dankogai/p5-encode#7 ! t/piconv.t Fix finding piconv in t/piconv.t dankogai/p5-encode#6
jperkin
pushed a commit
to TritonDataCenter/pkgsrc-legacy
that referenced
this issue
Mar 14, 2014
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $ ! Encode.xs + t/cow.t Addressed: COW breakage with _utf8_on() https://rt.cpan.org/Ticket/Display.html?id=88230 ! Encode.pm Reverted the document accordingly to #11 dankogai/p5-encode#10 + t/decode.t Unit test for decoding behavior change in #11 dankogai/p5-encode#12 2.53 2013/08/29 15:20:31 ! Encode.pm Merged: Do not short-circuit decode_utf8 with utf8 flags dankogai/p5-encode#11 Merged: document decode_utf8 behaviour more precise dankogai/p5-encode#10 ! Makefile.PL Added repository cpan metadata dankogai/p5-encode#9 2.52 2013/08/14 02:29:54 ! ucm/*.ucm Addressed: Unicode Mappping tables are missing Unicode Inc. license notification All files including "as long as this notice remains attached" now have that notice attached in the comment section. (cp* and mac* do not since their source files do not include that notice) https://rt.cpan.org/Ticket/Display.html?id=87340 ! lib/Encode/MIME/Header.pm t/mime-header.t Addressed: encoding "0" with MIME-Headers gets a blank string https://rt.cpan.org/Ticket/Display.html?id=87831 ! Encode.pm Addressed: Documentation buglet https://rt.cpan.org/Ticket/Display.html?id=84992 ! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL Symbol/Makefile.PL TW/Makefile.PL Applied: Patch to output #includes in deterministic order https://rt.cpan.org/Ticket/Display.html?id=86974 2.51 2013/04/29 22:19:11 ! Encode.xs Addressed: Encode.xs doesn't compile with Microsoft C compiler https://rt.cpan.org/Public/Bug/Display.html?id=84920 ! MANIFEST Addressed: t/taint.t missing https://rt.cpan.org/Public/Bug/Display.html?id=84919 2.50 2013/04/26 18:30:46 ! Encode.xs Unicode/Unicode.xs lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm t/taint.t Addressed: Encode::encode and Encode::decode gratuitously launders tainted data Taintedness now propagates as it should. https://rt.cpan.org/Ticket/Display.html?id=84879 ! encoding.pm Addressed: 5.18 deprecation https://rt.cpan.org/Ticket/Display.html?id=84709 ! bin/piconv Applied: Update piconv documentation https://rt.cpan.org/Ticket/Display.html?id=84695 2.49 2013/03/05 03:12:49 ! Encode.xs Addressed: Encoding objects leak memory if decoding fails dankogai/p5-encode#8 2.48 2013/02/18 02:23:56 ! encoding.pm t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t t/encoding.t t/jperl.t [PATCH] Deprecate encoding.pm https://rt.cpan.org/Ticket/Display.html?id=81255 ! Encode/Supported.pod Fixed: Pod errors https://rt.cpan.org/Ticket/Display.html?id=81426 ! Encode.pm t/Encode.t [PATCH] Fix for shared hash key scalars https://rt.cpan.org/Ticket/Display.html?id=80608 ! Encode.pm Fixed: Uninitialized value warning from Encode->encodings() https://rt.cpan.org/Ticket/Display.html?id=80181 ! Makefile.PL Install to 'site' instead of 'perl' when perl version is 5.11+ https://rt.cpan.org/Ticket/Display.html?id=78917 ! Encode/Makefile_PL.e2x find enc2xs.bat if it works on windows. dankogai/p5-encode#7 ! t/piconv.t Fix finding piconv in t/piconv.t dankogai/p5-encode#6
jsonn
pushed a commit
to jsonn/pkgsrc
that referenced
this issue
Oct 11, 2014
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $ ! Encode.xs + t/cow.t Addressed: COW breakage with _utf8_on() https://rt.cpan.org/Ticket/Display.html?id=88230 ! Encode.pm Reverted the document accordingly to #11 dankogai/p5-encode#10 + t/decode.t Unit test for decoding behavior change in #11 dankogai/p5-encode#12 2.53 2013/08/29 15:20:31 ! Encode.pm Merged: Do not short-circuit decode_utf8 with utf8 flags dankogai/p5-encode#11 Merged: document decode_utf8 behaviour more precise dankogai/p5-encode#10 ! Makefile.PL Added repository cpan metadata dankogai/p5-encode#9 2.52 2013/08/14 02:29:54 ! ucm/*.ucm Addressed: Unicode Mappping tables are missing Unicode Inc. license notification All files including "as long as this notice remains attached" now have that notice attached in the comment section. (cp* and mac* do not since their source files do not include that notice) https://rt.cpan.org/Ticket/Display.html?id=87340 ! lib/Encode/MIME/Header.pm t/mime-header.t Addressed: encoding "0" with MIME-Headers gets a blank string https://rt.cpan.org/Ticket/Display.html?id=87831 ! Encode.pm Addressed: Documentation buglet https://rt.cpan.org/Ticket/Display.html?id=84992 ! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL Symbol/Makefile.PL TW/Makefile.PL Applied: Patch to output #includes in deterministic order https://rt.cpan.org/Ticket/Display.html?id=86974 2.51 2013/04/29 22:19:11 ! Encode.xs Addressed: Encode.xs doesn't compile with Microsoft C compiler https://rt.cpan.org/Public/Bug/Display.html?id=84920 ! MANIFEST Addressed: t/taint.t missing https://rt.cpan.org/Public/Bug/Display.html?id=84919 2.50 2013/04/26 18:30:46 ! Encode.xs Unicode/Unicode.xs lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm t/taint.t Addressed: Encode::encode and Encode::decode gratuitously launders tainted data Taintedness now propagates as it should. https://rt.cpan.org/Ticket/Display.html?id=84879 ! encoding.pm Addressed: 5.18 deprecation https://rt.cpan.org/Ticket/Display.html?id=84709 ! bin/piconv Applied: Update piconv documentation https://rt.cpan.org/Ticket/Display.html?id=84695 2.49 2013/03/05 03:12:49 ! Encode.xs Addressed: Encoding objects leak memory if decoding fails dankogai/p5-encode#8 2.48 2013/02/18 02:23:56 ! encoding.pm t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t t/encoding.t t/jperl.t [PATCH] Deprecate encoding.pm https://rt.cpan.org/Ticket/Display.html?id=81255 ! Encode/Supported.pod Fixed: Pod errors https://rt.cpan.org/Ticket/Display.html?id=81426 ! Encode.pm t/Encode.t [PATCH] Fix for shared hash key scalars https://rt.cpan.org/Ticket/Display.html?id=80608 ! Encode.pm Fixed: Uninitialized value warning from Encode->encodings() https://rt.cpan.org/Ticket/Display.html?id=80181 ! Makefile.PL Install to 'site' instead of 'perl' when perl version is 5.11+ https://rt.cpan.org/Ticket/Display.html?id=78917 ! Encode/Makefile_PL.e2x find enc2xs.bat if it works on windows. dankogai/p5-encode#7 ! t/piconv.t Fix finding piconv in t/piconv.t dankogai/p5-encode#6
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
We recently got a report about a memory leak in Mojolicious, and i've been able to track it down to our use of encoding objects. Here's a minimal test case to replicate the problem.
Tested on OS X 10.8.2 with Perl 5.16.2 and Encode 2.48.
The text was updated successfully, but these errors were encountered: